On a Monday in 2024, Laine Stump wrote:
>While testing a recent patch that unsets the zone of bridge interfaces
>when a virtual network is stopped, a side effect was noticed: when
>firewalld reloaded its rules, this would result in an error log from
>libvirt complaining about attempting to unset the zone of an interface
>that wasn't in any zone. The two patches here fix that from different
>angles:
>
>* The first modifies the call to unsetZone so that it puts any error
> message returned from firewalld to libvirt into a virError object
> rather than logging it; this virError object is then silently
> discarded.
>
>* The second avoids even calling firewalld to unset the zone if it's
> just going to immediately be set again. This avoids an error message
> that would be logged directly by firewalld even if libvirt didn't
> log the message it received from firewalld.
>
>The combination of these two patches eliminate all misleading log
>messages about failed attempts to unset a zone.
>
>Laine Stump (2):
> network: ignore/don't log errors when unsetting firewalld zone
> network: don't unset the firewalld zone if it's going to be
> immediately re-set
>
> src/network/bridge_driver.c | 8 +++----
> src/network/bridge_driver_linux.c | 10 +++++----
> src/network/bridge_driver_nop.c | 4 +++-
> src/network/bridge_driver_platform.h | 3 ++-
> src/util/virfirewalld.c | 33 ++++++++++++++++++----------
> src/util/virfirewalld.h | 2 +-
> 6 files changed, 38 insertions(+), 22 deletions(-)
>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano